author | Andrew Dolgov <[email protected]> | 2017-11-20 08:48:18 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2017-11-20 08:48:18 +0300 |
commit | 2352c320c2ed34ec7df1ad22f0c55a1b26489815 (patch) | |
tree | 0dfd1f5e45be3092b3938660d91d8a191c988d55 | |
parent | 9d930af9e109884f219a2254dc444c7a943b1e6e (diff) |
fix possible sql injection in public/forgotpass
-rw-r--r-- | classes/handler/public.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/classes/handler/public.php b/classes/handler/public.php index d3c854ae4..ec41ddb87 100644 --- a/classes/handler/public.php +++ b/classes/handler/public.php @@ -688,7 +688,7 @@ class Handler_Public extends Handler { @$method = $_POST['method']; if ($hash) { - $login = $_REQUEST["login"]; + $login = $this->dbh->escape_string($_REQUEST["login"]); if ($login) { $result = $this->dbh->query("SELECT id, resetpass_token FROM ttrss_users @@ -1018,4 +1018,4 @@ class Handler_Public extends Handler { } } } -?>
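Review bot: The new line escapes `$login` at assignment, so the fix only holds if the value lands inside a quoted literal in the `SELECT id, resetpass_token FROM ttrss_users` query that follows, and the hunk cuts that query off before its WHERE clause, so the quoting cannot be confirmed from here. Escaping at assignment also means every later use of `$login` in this branch, starting with the `if ($login)` test, sees the SQL-escaped form rather than the submitted value. I would keep `$login = $_REQUEST["login"];` and add `$login_esc = $this->dbh->escape_string($login);` for use in the query string only, or bind the value as a parameter if the database layer offers prepared statements. At minimum, add a comment such as `// SQL-escaped; only safe inside a quoted literal in the query below`. The enclosing function starts and ends outside the hunk.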
\ No newline at end of file +?> |